Information regarding the processing of personal data – video surveillance

Data Protection Statement for Video Monitoring

Your personal information is very important to us. That is why we are committed to complying with both European and national data protection laws, especially Regulation (EU) 679/2016 (hereinafter referred to as GDPR), Law 190/2018, and the following principles:

• Lawfulness, Fairness, and Transparency: We process your data legally and fairly. We are always transparent about the information we use, and you are properly informed.
• You Are in Control: Within the limits of the law, we offer you the ability to review, modify, or delete the personal data you have shared with us and to exercise your other rights.
• Data Integrity and Purpose Limitation: We use your data only for the purposes described at the time of collection or for new purposes compatible with the original ones. In all cases, our purposes comply with the law. We take reasonable measures to ensure personal data is accurate, complete, and up-to-date.
• Security: We have implemented reasonable security measures to protect your data as best as possible. However, please note that no website, application, or internet connection is completely secure.

 

1. Controller Identity and Contact Details

INTEGRATION DATA SYSTEMS S.R.L., headquartered in Bucharest, Sector 1, Argentina St. No. 43, registered with the Trade Register under No. J40/8392/2012, VAT No. RO 30455799, account RO67INGB0000999906214786 at ING BANK, email: IDS_Office@ids-consulting.ro, represented by Gabriel Sebastian Tataru.

 

2. Purpose(s) and Means of Personal Data Processing

Your personal data is processed for the following purposes:

• Monitoring access to the company premises;
• Ensuring the security of company spaces and assets, as well as the safety of individuals within the offices or work points;
• Monitoring the fulfillment of contractual obligations.

 

3. Legal Basis for Processing

The processing of personal data through video surveillance, including installation and use of video equipment and system components, is carried out in accordance with legal requirements:

• Regulation No. 679/2016 concerning the protection of individuals regarding personal data processing and the free movement of such data, specifically Article 6(1)(c) (processing is necessary for compliance with a legal obligation) and Article 6(1)(e) (processing is necessary for the performance of a task in the public interest or in exercise of official authority);
• Law No. 333/2003 regarding the guarding of objectives, assets, values, and protection of persons, as amended;
• Methodological norms for the application of Law No. 333/2003, approved by Government Decision No. 301/2012, as amended;
• Order No. 52/2002 regarding approval of minimum security requirements for personal data processing, issued by the Ombudsman;
• The legitimate interest of the controller, as per Article 6(1)(f).

 

4. Categories of Personal Data Processed

The following categories of personal data are processed under this notice:

• Images of individuals.

 

5. Recipients of Processed Personal Data

Access to recorded and live video images is limited to a small number of employees, who can be clearly identified, and is determined by their specific job responsibilities (for what purpose and what type of access). Access to recorded footage and/or the technical architecture of the video system is similarly limited and determined by job responsibilities.

 

6. Transfer of Personal Data

Your personal data will not be transferred to third-party operators or organizations outside the European Union or the United States of America.

 

7. Personal Data Storage Period or Criteria

We store processed personal data for up to 30 days. If collected images become evidence in administrative, civil, or criminal investigations, they will be retained until the resolution of the respective case.

 

8. Your Rights Regarding Processed Personal Data

According to Articles 15-22 of Regulation (EU) 679/2016, you have the following rights regarding your personal data processing:

1. Right of Access: The right to obtain confirmation from the Controller as to whether your personal data is being processed and, if so, access to that data and certain information as provided by law.
2. Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
3. Right to Erasure (“Right to be Forgotten”): The right to request deletion of personal data under certain circumstances, including when the data is no longer necessary for processing purposes, when consent is withdrawn, when processing is unlawful, or when the data must be erased to comply with a legal obligation.
4. Right to Restriction of Processing: The right to request restriction of processing under certain conditions, such as contesting the accuracy of data or when processing is unlawful but you oppose deletion.
5. Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
6. Right to Object: The right to object, at any time, to the processing of your personal data or profiling, subject to legal exceptions.
7. Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Consent cannot be withdrawn for data necessary for contract execution, legal obligations, legitimate interests, vital interests, or tasks in the public interest.
8. Automated Decision-Making and Profiling: If automated decision-making and profiling exist, you have the right to request human intervention, express your views, and contest decisions.

 

The rights listed above are not absolute. There are exceptions, so each request will be analyzed to determine if it is justified. If the request is justified, we will facilitate the exercise of your rights. If unjustified, we will reject it and inform you of the reasons for refusal and your right to file a complaint with the Supervisory Authority or to seek justice. We aim to respond within 30 days, but the period may be extended depending on factors like request complexity or volume.

 

You may exercise these rights by submitting a written request or by completing the “Data Subject Request” form and sending it to IDS_dpo@ids-consulting.ro or to our postal address: Bucharest, Sector 1, Argentina St. No. 43, attention: Data Protection Officer. You may also submit your request in person at our headquarters.

Data Subject Request (for exercising rights under Articles 7, 12-22 of GDPR)

As a data subject, under Regulation (EU) 679/2016, you also have the right to lodge a complaint with the Supervisory Authority (ANSPDCP) regarding the way your data is processed or your rights are respected.